diff --git a/language/english.php b/language/english.php index 979f7a3ae..80d7d0715 100644 --- a/language/english.php +++ b/language/english.php @@ -1218,6 +1218,16 @@ 44 => 'Awaiting Authorization', 45 => 'Active', 46 => 'User Status', + 'user_status_desc' => 'An explanation of all possible user statuses: + ', 47 => 'Edit', 48 => 'Show Admin Groups', 49 => 'Admin Group', diff --git a/language/english_utf-8.php b/language/english_utf-8.php index 4401441b7..ee98c4306 100644 --- a/language/english_utf-8.php +++ b/language/english_utf-8.php @@ -1217,6 +1217,16 @@ 44 => 'Awaiting Authorization', 45 => 'Active', 46 => 'User Status', + 'user_status_desc' => 'An explanation of all possible user statuses: + ', 47 => 'Edit', 48 => 'Show Admin Groups', 49 => 'Admin Group', diff --git a/language/japanese_utf-8.php b/language/japanese_utf-8.php index 91874c195..6adb1ec86 100644 --- a/language/japanese_utf-8.php +++ b/language/japanese_utf-8.php @@ -1236,6 +1236,16 @@ 44 => '承認が通るのを待機中', 45 => '有効', 46 => 'ユーザーの状態', + 'user_status_desc' => 'An explanation of all possible user statuses: + ', 47 => '編集', 48 => '管理者グループを表示', 49 => '管理者グループ', @@ -1991,7 +2001,7 @@ ############################################################################### # "What's New" Time Strings -# +# # This here determines the order of the sentence "No new articles in 2 hrs" # order it so it makes sense in your language: # %i item, "Articles" @@ -2049,7 +2059,7 @@ ############################################################################### # Admin - Strings -# +# # These are some standard strings used by core functions as well as plugins to # display administration lists and edit pages 
@@ -2740,4 +2750,3 @@ 'config_setting_lang_array' => 'それぞれのキーには他と異なるユニークな言語ショートカット(\'en\', \'de\', \'ja\'など)を指定し、対応するフィールドには言語ファイル名から .php を除いたものを指定してください', 'config_setting_lang_array_element_req' => '少なくとも1つキーを指定してください。それぞれのキーには他と異なるユニークな言語ショートカット(\'en\', \'de\', \'ja\'など)を指定し、対応するフィールドには言語ファイル名から .php を除いたものを指定してください' ); - diff --git a/public_html/admin/user.php b/public_html/admin/user.php index c334472f6..dc7a1da16 100644 --- a/public_html/admin/user.php +++ b/public_html/admin/user.php @@ -314,10 +314,15 @@ function edituser($uid = 0, $msg = 0) $user_templates->set_var('user_about', htmlspecialchars($A['about'])); $statusarray = array( - USER_ACCOUNT_AWAITING_ACTIVATION => $LANG28[43], USER_ACCOUNT_ACTIVE => $LANG28[45], ); + // Only show Awaiting Activation status if user already this status as this is an automated status and should not be set by Admin + // Admin should use USER_ACCOUNT_NEW_EMAIL instead + if ($A['status'] == USER_ACCOUNT_AWAITING_ACTIVATION && !empty($uid)) { + $statusarray[USER_ACCOUNT_AWAITING_ACTIVATION] = $LANG28[43]; + } + $allow_other_statuses = true; // do not allow to ban yourself or forcing new email or password if (!empty($uid)) { @@ -343,7 +348,9 @@ function edituser($uid = 0, $msg = 0) } } - if (($_CONF['usersubmission'] == 1) && !empty($uid)) { + // If this status then $_CONF['usersubmission'] == 1 better be true + // Only show Awaiting Authorization status if user already this status as this is an automated status and should not be set by Admin + if (($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) && !empty($uid)) { $statusarray[USER_ACCOUNT_AWAITING_APPROVAL] = $LANG28[44]; } asort($statusarray); 
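Review bot: Dropping USER_ACCOUNT_AWAITING_ACTIVATION from `$statusarray` only hides it in the edit form; the code that saves the POSTed status is outside this hunk, and unless it rejects values that are not in `$statusarray`, a submitted form can still set USER_ACCOUNT_AWAITING_ACTIVATION (or USER_ACCOUNT_AWAITING_APPROVAL, the same gap in the second hunk at @343, which now keys that option on the current status instead of `$_CONF['usersubmission']`) on any account. Worth confirming that the save path validates the submitted status against the same list it was offered. `$A['status']` comes from the database row, so `(int) $A['status'] === USER_ACCOUNT_AWAITING_ACTIVATION` avoids the loose comparison, and the comment reads better as `// Only offer Awaiting Activation if the user already has that status; it is set automatically on account creation and should not be chosen by an admin (use USER_ACCOUNT_NEW_EMAIL instead)`. edituser's body starts before and ends after these hunks.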
@@ -362,6 +369,7 @@ function edituser($uid = 0, $msg = 0) )); $user_templates->set_var('user_status', $statusselect); $user_templates->set_var('lang_user_status', $LANG28[46]); + $user_templates->set_var('lang_user_status_desc', $LANG28['user_status_desc']); if ($_CONF['custom_registration'] AND function_exists('CUSTOM_userEdit')) { if (!empty($uid) && ($uid > 1)) { diff --git a/public_html/docs/english/config.html b/public_html/docs/english/config.html index 673110a88..99d836248 100644 --- a/public_html/docs/english/config.html +++ b/public_html/docs/english/config.html @@ -1178,7 +1178,9 @@
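Review bot: `$LANG28['user_status_desc']` is read without a guard on the added line; a custom or third-party language file that predates this commit will not define the key, so the page emits an undefined-index notice and an empty description. A fallback such as `isset($LANG28['user_status_desc']) ? $LANG28['user_status_desc'] : ''` keeps the form rendering on outdated language files. edituser continues outside the hunk.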

Users and Submissions: User Submission

usersubmission 0 Enable (1) or disable (0) the user submission queue (i.e. - new users must be approved before they receive their password) + new users must be approved before they receive their password).

+ Note: If disabling this make sure you have no users currently in the user + submission queue. allow_domains '' (empty) diff --git a/public_html/docs/history b/public_html/docs/history index afdf70ba7..741c8f838 100644 --- a/public_html/docs/history +++ b/public_html/docs/history @@ -10,12 +10,15 @@ For more in-depth explanation of the issues below see: https://github.com/Geeklo - [Security] [NA] XSS issue with the Plugin Admin interface. (reported by Netsparker.com) [Mystralkk] - [Security] [NA] Issue with the comment library. (reported by Netsparker.com) [Tom] +- [Feature] [#1016] Staticpages can now be set individually if they will appear in the search results or not [Tom] + - [Improvement] [#1038] Staticpages which use PHP, and the template class with a theme that contains PHP, now will error gracefully for sites using PHP 7 or higher [Mystralkk] - [Bug] [#1043] Fixed hardcoded table names in upgrade for Geeklog v2.2.1 [Tom] - [Bug] [#1043] Fixed issue where the install would fail in some cases because it did not know where the system directory was [Tom] - [Bug] [#1045] Fixed tooltip links for Denim and Denim_three themes [Tom] - [Bug] [#1044] Fixed searching just articles [Tom] +- [Bug] [#1046] Fixed Users can only be set to certain statuses by Admins [Tom] The following items are all current Geeklog API, functions, and/or global variables that are planned to be either required or depreciated by a current Geeklog version. Plugin and Theme developers please take note of these changes in case they affect you. diff --git a/public_html/docs/japanese/history.html b/public_html/docs/japanese/history.html index db7140b61..8b9b69059 100644 --- a/public_html/docs/japanese/history.html +++ b/public_html/docs/japanese/history.html @@ -31,6 +31,10 @@

March ? 2020 (2.2.1sr1)

  • [Security] [NA] Issue with the comment library. (reported by Netsparker.com) [Tom]
  • + + @@ -40,6 +44,7 @@

    March ? 2020 (2.2.1sr1)

  • [Bug] [#1043] Fixed issue where the install would fail in some cases because it did not know where the system directory was [Tom]
  • [Bug] [#1045] Fixed tooltip links for Denim and Denim_three themes [Tom]
  • [Bug] [#1044] Fixed searching just articles [Tom]
  • +
  • [Bug] [#1046] Fixed Users can only be set to certain statuses by Admins [Tom]
  • The following items are all current Geeklog API, functions, and/or global variables that are planned to be either required or depreciated by a current Geeklog version. Plugin and Theme developers please take note of these changes in case they affect you.
    diff --git a/public_html/layout/denim/admin/user/edituser.thtml b/public_html/layout/denim/admin/user/edituser.thtml index 545427eee..4a853b320 100644 --- a/public_html/layout/denim/admin/user/edituser.thtml +++ b/public_html/layout/denim/admin/user/edituser.thtml @@ -42,7 +42,7 @@ {enable_tfa_options} -

    {lang_tfa_user_edit_desc}
    +
    {lang_tfa_user_edit_desc}
    {!endif}
    @@ -66,8 +66,9 @@ {display_fields} -
    {lang_user_status}
    +
    {user_status}
    +
    {lang_user_status_desc}
    diff --git a/public_html/layout/denim_three/admin/user/edituser.thtml b/public_html/layout/denim_three/admin/user/edituser.thtml index c8b9e4ab2..4a9a021f6 100644 --- a/public_html/layout/denim_three/admin/user/edituser.thtml +++ b/public_html/layout/denim_three/admin/user/edituser.thtml @@ -42,7 +42,7 @@ {enable_tfa_options} -
    {lang_tfa_user_edit_desc}
    +
    {lang_tfa_user_edit_desc}
    {!endif}
    @@ -66,8 +66,9 @@ {display_fields} -
    {lang_user_status}
    +
    {user_status}
    +
    {lang_user_status_desc}
    diff --git a/public_html/layout/modern_curve/admin/user/edituser.thtml b/public_html/layout/modern_curve/admin/user/edituser.thtml index ff4e49530..be02d94ca 100644 --- a/public_html/layout/modern_curve/admin/user/edituser.thtml +++ b/public_html/layout/modern_curve/admin/user/edituser.thtml @@ -70,8 +70,9 @@ {display_fields} -
    {lang_user_status}
    +
    {user_status}
    +
    {lang_user_status_desc}
    diff --git a/public_html/users.php b/public_html/users.php index 189551a45..a6e3a16d3 100644 --- a/public_html/users.php +++ b/public_html/users.php @@ -1112,6 +1112,9 @@ function USER_tryTwoFactorAuth() DB_query("UPDATE {$_TABLES['users']} SET emailconfirmid = NULL, emailtoconfirm = NULL WHERE uid = $uid"); COM_redirect($_CONF['site_url'] . '/users.php?msg=503'); + } else { + // Not valid emailconfirmid + COM_handle404(); } } elseif (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_EMAIL)) { $msg = (int) Geeklog\Input::fRequest('msg', 0); diff --git a/system/lib-security.php b/system/lib-security.php index 2e143549b..e8046ac44 100644 --- a/system/lib-security.php +++ b/system/lib-security.php 
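Review bot: The new else branch answers an invalid emailconfirmid with a bare `COM_handle404()` and writes nothing to the log, so repeated failed confirmation attempts against an account leave no trace for an operator to notice. Logging before aborting, e.g. `COM_errorLog('Invalid emailconfirmid submitted for uid ' . $uid);` (the uid only, never the submitted token), gives the failure a footprint; `$uid` is already in scope here since the preceding DB_query interpolates it. The condition that decides validity sits above the hunk, so whether other invalid cases reach this branch is not visible here, and the comment would be clearer as `// emailconfirmid did not match the pending confirmation for this account`.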
@@ -69,12 +69,12 @@ } /* Constants for account status */ -define('USER_ACCOUNT_DISABLED', 0); // Account is banned/disabled -define('USER_ACCOUNT_AWAITING_ACTIVATION', 1); // Account awaiting user to login. Email has been sent -define('USER_ACCOUNT_AWAITING_APPROVAL', 2); // Account awaiting moderator approval +define('USER_ACCOUNT_DISABLED', 0); // Account is banned/disabled. Username is crossed out, User cannot login, emails to account is disabled, profile cannot be viewed +define('USER_ACCOUNT_AWAITING_ACTIVATION', 1); // New Account awaiting user to login. Email has been sent but not verified. This is only set when a new account +define('USER_ACCOUNT_AWAITING_APPROVAL', 2); // Account awaiting moderator approval in the User Submission Queue. Not for remote accounts. This is only set when a new account define('USER_ACCOUNT_ACTIVE', 3); // Active account -define('USER_ACCOUNT_LOCKED', 4); // Account is locked. User cannot login, emails to account is disabled -define('USER_ACCOUNT_NEW_EMAIL', 5); // Emails to account is disabled. User when login must submit new email address and verify before access to rest of website (under the user account) +define('USER_ACCOUNT_LOCKED', 4); // Account is locked. User cannot login, emails to account is disabled, profile can still be viewed +define('USER_ACCOUNT_NEW_EMAIL', 5); // Emails to account is disabled. User when login must submit new email address and verify before access to rest of website (under the user account). Status stays this until email verified define('USER_ACCOUNT_NEW_PASSWORD', 6); // User when login must submit new password before access to rest of website (under the user account), Only for regular accounts and not remote /* Constant for Security Token */ diff --git a/system/lib-user.php b/system/lib-user.php index 8b8290150..217d6c0c3 100644 --- a/system/lib-user.php +++ b/system/lib-user.php 
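Review bot: The new comments on USER_ACCOUNT_AWAITING_ACTIVATION and USER_ACCOUNT_AWAITING_APPROVAL both stop mid-sentence at "This is only set when a new account"; finishing them as `// ... This is only set when a new account is created` states what was meant. The USER_ACCOUNT_LOCKED comment now promises that the profile can still be viewed, which is what the USER_showProfile change in lib-user.php implements, so the two should be kept in step if the list of viewable statuses changes again.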
@@ -1123,7 +1123,8 @@ function USER_showProfile($uid, $preview = false, $msg = 0, $plugin = '') COM_displayMessageAndAbort(30, '', 403, 'Forbidden'); } - if ($A['status'] != USER_ACCOUNT_ACTIVE && !SEC_hasRights('user.edit')) { + // Profile still viewable under the following user statuses + if (($A['status'] != USER_ACCOUNT_ACTIVE && $A['status'] != USER_ACCOUNT_LOCKED && $A['status'] != USER_ACCOUNT_NEW_EMAIL && $A['status'] != USER_ACCOUNT_NEW_PASSWORD) && !SEC_hasRights('user.edit')) { COM_handle404(); } @@ -1607,6 +1608,6 @@ function USER_isBanned($uid = 0) $A = DB_fetchArray($result, false); $status = (int) $A['status']; - return ($status == USER_ACCOUNT_DISABLED) || ($status == USER_ACCOUNT_LOCKED); + return ($status == USER_ACCOUNT_DISABLED); } }
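Review bot: The rewritten condition in USER_showProfile chains four `!=` comparisons on a string column against integer constants, which is hard to read and loosely typed; `!in_array((int) $A['status'], array(USER_ACCOUNT_ACTIVE, USER_ACCOUNT_LOCKED, USER_ACCOUNT_NEW_EMAIL, USER_ACCOUNT_NEW_PASSWORD), true)` expresses the same allow-list in one place and makes adding a status a one-token change. Since this widens which profiles anonymous visitors can see (locked and pending-reverification accounts are now exposed without `user.edit` rights), the comment should say so explicitly, e.g. `// Profiles of locked / new-email / new-password accounts remain public; only disabled and not-yet-approved accounts are hidden`. USER_showProfile starts before and ends after the hunk.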
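Review bot: USER_isBanned no longer returns true for USER_ACCOUNT_LOCKED, so any caller that used it as the gate for login, mail delivery or posting now lets locked accounts through; the constant's comment still says a locked user cannot log in and does not receive email, which means those rules must be enforced somewhere else, and none of the callers are in this diff. Each call site should be checked before this lands, and the function's docblock (above the hunk) should state the narrowed contract, e.g. `Returns true only for disabled accounts; locked accounts are not considered banned`. `$status` is already cast to int, so `return $status === USER_ACCOUNT_DISABLED;` is the exact form.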